<!DOCTYPE html>
<html lang="en-us">
  <head>

    <meta http-equiv="content-type" content="text/html; charset=utf-8">
    
<meta charset="UTF-8">
<title>Bootstrap Checks for X-Pack | Elasticsearch Guide [7.7] | Elastic</title>
<link rel="home" href="index.html" title="Elasticsearch Guide [7.7]">
<link rel="up" href="setup.html" title="Set up Elasticsearch">
<link rel="prev" href="_discovery_configuration_check.html" title="Discovery configuration check">
<link rel="next" href="starting-elasticsearch.html" title="Starting Elasticsearch">
<meta name="DC.type" content="Learn/Docs/Elasticsearch/Reference/7.7">
<meta name="DC.subject" content="Elasticsearch">
<meta name="DC.identifier" content="7.7">
<meta name="robots" content="noindex,nofollow">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <script src="https://cdn.optimizely.com/js/18132920325.js"></script>
    <link rel="apple-touch-icon" sizes="57x57" href="/apple-icon-57x57.png">
    <link rel="apple-touch-icon" sizes="60x60" href="/apple-icon-60x60.png">
    <link rel="apple-touch-icon" sizes="72x72" href="/apple-icon-72x72.png">
    <link rel="apple-touch-icon" sizes="76x76" href="/apple-icon-76x76.png">
    <link rel="apple-touch-icon" sizes="114x114" href="/apple-icon-114x114.png">
    <link rel="apple-touch-icon" sizes="120x120" href="/apple-icon-120x120.png">
    <link rel="apple-touch-icon" sizes="144x144" href="/apple-icon-144x144.png">
    <link rel="apple-touch-icon" sizes="152x152" href="/apple-icon-152x152.png">
    <link rel="apple-touch-icon" sizes="180x180" href="/apple-icon-180x180.png">
    <link rel="icon" type="image/png" href="/favicon-32x32.png" sizes="32x32">
    <link rel="icon" type="image/png" href="/android-chrome-192x192.png" sizes="192x192">
    <link rel="icon" type="image/png" href="/favicon-96x96.png" sizes="96x96">
    <link rel="icon" type="image/png" href="/favicon-16x16.png" sizes="16x16">
    <link rel="manifest" href="/manifest.json">
    <meta name="apple-mobile-web-app-title" content="Elastic">
    <meta name="application-name" content="Elastic">
    <meta name="msapplication-TileColor" content="#ffffff">
    <meta name="msapplication-TileImage" content="/mstile-144x144.png">
    <meta name="theme-color" content="#ffffff">
    <meta name="naver-site-verification" content="936882c1853b701b3cef3721758d80535413dbfd">
    <meta name="yandex-verification" content="d8a47e95d0972434">
    <meta name="localized" content="true">
    <meta name="st:robots" content="follow,index">
    <meta property="og:image" content="https://www.elastic.co/static/images/elastic-logo-200.png">
    <link rel="shortcut icon" href="/favicon.ico" type="image/x-icon">
    <link rel="icon" href="/favicon.ico" type="image/x-icon">
    <link rel="apple-touch-icon-precomposed" sizes="64x64" href="/favicon_64x64_16bit.png">
    <link rel="apple-touch-icon-precomposed" sizes="32x32" href="/favicon_32x32.png">
    <link rel="apple-touch-icon-precomposed" sizes="16x16" href="/favicon_16x16.png">
    <!-- Give IE8 a fighting chance -->
    <!--[if lt IE 9]>
    <script src="https://oss.maxcdn.com/html5shiv/3.7.2/html5shiv.min.js"></script>
    <script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script>
    <![endif]-->
    <link rel="stylesheet" type="text/css" href="/guide/static/styles.css">
  </head>

  <!--© 2015-2021 Elasticsearch B.V. Copying, publishing and/or distributing without written permission is strictly prohibited.-->

  <body>
    <!-- Google Tag Manager -->
    <script>dataLayer = [];</script><noscript><iframe src="//www.googletagmanager.com/ns.html?id=GTM-58RLH5" height="0" width="0" style="display:none;visibility:hidden"></iframe></noscript>
    <script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start': new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0], j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src= '//www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f); })(window,document,'script','dataLayer','GTM-58RLH5');</script>
    <!-- End Google Tag Manager -->

    <!-- Global site tag (gtag.js) - Google Analytics -->
    <script async src="https://www.googletagmanager.com/gtag/js?id=UA-12395217-16"></script>
    <script>
      window.dataLayer = window.dataLayer || [];
      function gtag(){dataLayer.push(arguments);}
      gtag('js', new Date());
      gtag('config', 'UA-12395217-16');
    </script>

    <!--BEGIN QUALTRICS WEBSITE FEEDBACK SNIPPET-->
    <script type="text/javascript">
      (function(){var g=function(e,h,f,g){
      this.get=function(a){for(var a=a+"=",c=document.cookie.split(";"),b=0,e=c.length;b<e;b++){for(var d=c[b];" "==d.charAt(0);)d=d.substring(1,d.length);if(0==d.indexOf(a))return d.substring(a.length,d.length)}return null};
      this.set=function(a,c){var b="",b=new Date;b.setTime(b.getTime()+6048E5);b="; expires="+b.toGMTString();document.cookie=a+"="+c+b+"; path=/; "};
      this.check=function(){var a=this.get(f);if(a)a=a.split(":");else if(100!=e)"v"==h&&(e=Math.random()>=e/100?0:100),a=[h,e,0],this.set(f,a.join(":"));else return!0;var c=a[1];if(100==c)return!0;switch(a[0]){case "v":return!1;case "r":return c=a[2]%Math.floor(100/c),a[2]++,this.set(f,a.join(":")),!c}return!0};
      this.go=function(){if(this.check()){var a=document.createElement("script");a.type="text/javascript";a.src=g;document.body&&document.body.appendChild(a)}};
      this.start=function(){var a=this;window.addEventListener?window.addEventListener("load",function(){a.go()},!1):window.attachEvent&&window.attachEvent("onload",function(){a.go()})}};
      try{(new g(100,"r","QSI_S_ZN_emkP0oSe9Qrn7kF","https://znemkp0ose9qrn7kf-elastic.siteintercept.qualtrics.com/WRSiteInterceptEngine/?Q_ZID=ZN_emkP0oSe9Qrn7kF")).start()}catch(i){}})();
    </script><div id="ZN_emkP0oSe9Qrn7kF"><!--DO NOT REMOVE-CONTENTS PLACED HERE--></div>
    <!--END WEBSITE FEEDBACK SNIPPET-->

    <div id="elastic-nav" style="display:none;"></div>
    <script src="https://www.elastic.co/elastic-nav.js"></script>

    <!-- Subnav -->
    <div>
      <div>
        <div class="tertiary-nav d-none d-md-block">
          <div class="container">
            <div class="p-t-b-15 d-flex justify-content-between nav-container">
              <div class="breadcrum-wrapper"><span><a href="/guide/" style="font-size: 14px; font-weight: 600; color: #000;">Docs</a></span></div>
            </div>
          </div>
        </div>
      </div>
    </div>

    <div class="main-container">
      <section id="content">
        <div class="content-wrapper">

          <section id="guide" lang="en">
            <div class="container">
              <div class="row">
                <div class="col-xs-12 col-sm-8 col-md-8 guide-section">
                  <!-- start body -->
                  <div class="page_header">
<strong>IMPORTANT</strong>: No additional bug fixes or documentation updates
will be released for this version. For the latest information, see the
<a href="../current/index.html">current release documentation</a>.
</div>
<div id="content">
<div class="breadcrumbs">
<span class="breadcrumb-link"><a href="index.html">Elasticsearch Guide [7.7]</a></span>
»
<span class="breadcrumb-link"><a href="setup.html">Set up Elasticsearch</a></span>
»
<span class="breadcrumb-node">Bootstrap Checks for X-Pack</span>
</div>
<div class="navheader">
<span class="prev">
<a href="_discovery_configuration_check.html">« Discovery configuration check</a>
</span>
<span class="next">
<a href="starting-elasticsearch.html">Starting Elasticsearch »</a>
</span>
</div>
<div class="chapter xpack">
<div class="titlepage"><div><div>
<h2 class="title">
<a id="bootstrap-checks-xpack"></a>Bootstrap Checks for X-Pack<a class="edit_me edit_me_private" rel="nofollow" title="Editing on GitHub is available to Elastic" href="https://github.com/elastic/elasticsearch/edit/7.7/docs/reference/setup/bootstrap-checks-xes.asciidoc">edit</a><a class="xpack_tag" href="/subscriptions"></a>
</h2>
</div></div></div>
<p>In addition to the <a class="xref" href="bootstrap-checks.html" title="Bootstrap Checks">Elasticsearch bootstrap checks</a>, there are
checks that are specific to X-Pack features.</p>
<h3>
<a id="_encrypt_sensitive_data_check"></a>Encrypt sensitive data check<a class="edit_me edit_me_private" rel="nofollow" title="Editing on GitHub is available to Elastic" href="https://github.com/elastic/elasticsearch/edit/7.7/docs/reference/setup/bootstrap-checks-xes.asciidoc">edit</a>
</h3>
<p>If you use Watcher and have chosen to encrypt sensitive data (by setting
<code class="literal">xpack.watcher.encrypt_sensitive_data</code> to <code class="literal">true</code>), you must also place a key in
the secure settings store.</p>
<p>To pass this bootstrap check, you must set the <code class="literal">xpack.watcher.encryption_key</code>
on each node in the cluster. For more information, see <a class="xref" href="encrypting-data.html" title="Encrypting sensitive data in Watcher"><em>Encrypting sensitive data in Watcher</em></a>.</p>
<h3>
<a id="_pki_realm_check"></a>PKI realm check<a class="edit_me edit_me_private" rel="nofollow" title="Editing on GitHub is available to Elastic" href="https://github.com/elastic/elasticsearch/edit/7.7/docs/reference/setup/bootstrap-checks-xes.asciidoc">edit</a>
</h3>
<p>If you use Elasticsearch security features and a Public Key Infrastructure (PKI) realm,
you must configure Transport Layer Security (TLS) on your cluster and enable
client authentication on the network layers (either transport or http). For more
information, see <a class="xref" href="pki-realm.html" title="PKI user authentication">PKI user authentication</a> and <a class="xref" href="ssl-tls.html" title="Setting up TLS on a cluster">Setting up TLS on a cluster</a>.</p>
<p>To pass this bootstrap check, if a PKI realm is enabled, you must configure TLS
and enable client authentication on at least one network communication layer.</p>
<h3>
<a id="_role_mappings_check"></a>Role mappings check<a class="edit_me edit_me_private" rel="nofollow" title="Editing on GitHub is available to Elastic" href="https://github.com/elastic/elasticsearch/edit/7.7/docs/reference/setup/bootstrap-checks-xes.asciidoc">edit</a>
</h3>
<p>If you authenticate users with realms other than <code class="literal">native</code> or <code class="literal">file</code> realms, you
must create role mappings. These role mappings define which roles are assigned
to each user.</p>
<p>If you use files to manage the role mappings, you must configure a YAML file
and copy it to each node in the cluster. By default, role mappings are stored in
<code class="literal">ES_PATH_CONF/role_mapping.yml</code>. Alternatively, you can specify a
different role mapping file for each type of realm and specify its location in
the <code class="literal">elasticsearch.yml</code> file. For more information, see
<a class="xref" href="mapping-roles.html#mapping-roles-file" title="Using role mapping files">Using role mapping files</a>.</p>
<p>To pass this bootstrap check, the role mapping files must exist and must be
valid. The Distinguished Names (DNs) that are listed in the role mappings files
must also be valid.</p>
<h3>
<a id="bootstrap-checks-tls"></a>SSL/TLS check<a class="edit_me edit_me_private" rel="nofollow" title="Editing on GitHub is available to Elastic" href="https://github.com/elastic/elasticsearch/edit/7.7/docs/reference/setup/bootstrap-checks-xes.asciidoc">edit</a>
</h3>
<p>If you enable Elasticsearch security features, unless you have a trial license, you
must configure SSL/TLS for internode-communication.</p>
<div class="note admon">
<div class="icon"></div>
<div class="admon_content">
<p>Single-node clusters that use a loopback interface do not have this
requirement.  For more information, see
<a class="xref" href="encrypting-communications.html" title="Encrypting communications"><em>Encrypting communications</em></a>.</p>
</div>
</div>
<p>To pass this bootstrap check, you must
<a class="xref" href="ssl-tls.html" title="Setting up TLS on a cluster">set up SSL/TLS in your cluster</a>.</p>
<h3>
<a id="_token_ssl_check"></a>Token SSL check<a class="edit_me edit_me_private" rel="nofollow" title="Editing on GitHub is available to Elastic" href="https://github.com/elastic/elasticsearch/edit/7.7/docs/reference/setup/bootstrap-checks-xes.asciidoc">edit</a>
</h3>
<p>If you use Elasticsearch security features and the built-in token service is enabled,
you must configure your cluster to use SSL/TLS for the HTTP interface. HTTPS is
required in order to use the token service.</p>
<p>In particular, if <code class="literal">xpack.security.authc.token.enabled</code> is
set to <code class="literal">true</code> in the <code class="literal">elasticsearch.yml</code> file, you must also set
<code class="literal">xpack.security.http.ssl.enabled</code> to <code class="literal">true</code>. For more information about these
settings, see <a class="xref" href="security-settings.html" title="Security settings in Elasticsearch">Security settings</a> and <a class="xref" href="modules-http.html" title="HTTP">HTTP</a>.</p>
<p>To pass this bootstrap check, you must enable HTTPS or disable the built-in
token service.</p>
</div>
<div class="navfooter">
<span class="prev">
<a href="_discovery_configuration_check.html">« Discovery configuration check</a>
</span>
<span class="next">
<a href="starting-elasticsearch.html">Starting Elasticsearch »</a>
</span>
</div>
</div>

                  <!-- end body -->
                </div>
                <div class="col-xs-12 col-sm-4 col-md-4" id="right_col">
                  <div id="rtpcontainer" style="display: block;">
                    <div class="mktg-promo">
                      <h3>Most Popular</h3>
                      <ul class="icons">
                        <li class="icon-elasticsearch-white"><a href="https://www.elastic.co/webinars/getting-started-elasticsearch?baymax=default&amp;elektra=docs&amp;storm=top-video">Get Started with Elasticsearch: Video</a></li>
                        <li class="icon-kibana-white"><a href="https://www.elastic.co/webinars/getting-started-kibana?baymax=default&amp;elektra=docs&amp;storm=top-video">Intro to Kibana: Video</a></li>
                        <li class="icon-logstash-white"><a href="https://www.elastic.co/webinars/introduction-elk-stack?baymax=default&amp;elektra=docs&amp;storm=top-video">ELK for Logs &amp; Metrics: Video</a></li>
                      </ul>
                    </div>
                  </div>
                </div>
              </div>
            </div>
          </section>

        </div>


<div id="elastic-footer"></div>
<script src="https://www.elastic.co/elastic-footer.js"></script>
<!-- Footer Section end-->

      </section>
    </div>

<script src="/guide/static/jquery.js"></script>
<script type="text/javascript" src="/guide/static/docs.js"></script>
<script type="text/javascript">
  window.initial_state = {}</script>
  </body>
</html>
